Browsing tag: CSRF

XSRFProbe – The Prime Cross Site Request Forgery Audit And Exploitation Toolkit

XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit. Equipped with a powerful crawling engine and numerous systematic checks, it is now able to detect most cases of CSRF vulnerabilities and their related bypasses, and to further generate (maliciously) exploitable proofs of concept for each vulnerability found. For more info on how XSRFProbe […]

Hacking Facebook accounts using CSRF in Oculus-Facebook integration

Oculus enables users to connect their Facebook accounts for a more “social” experience. This can be done using both the native Windows Oculus application and using browsers. I took a deeper look at the native Windows flow, and found a CSRF vulnerability which allowed me to connect a victim’s Facebook account to an attacker’s Oculus account. […]

BlackWidow – Web Application Spider

BlackWidow is a Python-based web application spider to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. This project also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities. Features: automatically collect all URLs from a target website; automatically collect all dynamic URLs and parameters from a […]

What Is Cross Site Request Forgery? For Web Application Attacks

Cross site request forgery (CSRF) is a common vulnerability in a web application, in which a hacker tricks the victim’s browser into generating requests to a website that performs specific actions on behalf of the registered user or victim. The web server receives the request and performs the required work on that request, which sounds like a normal […]

Web applications attacks: what is CSRF?

Cross-site request forgery (CSRF) is a common web application vulnerability, in which an attacker/hacker fools the victim’s browser into generating requests to a website which performs specific actions on behalf of the logged-in user or the victim. The web server receives the request and performs the desired actions of the request, which looks similar […]

Trend Micro ServerProtect Contains Multiple Critical Arbitrary Code Execution Vulnerabilities including XSS and CSRF

Six major and very critical vulnerabilities have been discovered in the Trend Micro product ServerProtect for Linux 3.0. ServerProtect protects against viruses, rootkits, and data-stealing malware while simplifying and automating security operations on servers and storage systems. These 6 vulnerabilities allow remote code execution as root on the victim’s machine via a man-in-the-middle attack and by exploiting vulnerabilities […]

WordPress vulnerable to Cross-Site Request Forgery in Connection Information – Not yet fixed with last Update

WordPress vulnerable to Cross-Site Request Forgery in Connection Information – Not yet fixed with the last Update. WordPress is a free, open-source content management system based on PHP and MySQL. It is one of the most powerful and most widely used blogging tools. This CSRF issue was found at the Summer of Pwnage hack event, which was held between July […]

WordPress 4.7.3 released with patch for six security issues, but not for CSRF

The much-anticipated WordPress 4.7.3 is now available for update. This security update covers six security issues that exist in WordPress version 4.7.2. Security issues: cross-site scripting (XSS) via media file metadata, reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs; control characters can trick redirect URL validation, reported by Daniel Chatfield; unintended files can be […]